Sigh
The 8 hour FR outage this week reminded me how much FR is a key part of my connection to current events.
by WINSTON on MAY 31, 2010
With little fanfare, the U.S. Cyber Command (CYBERCOM) has officially begun operation this week. The entity is a collection of personnel from the National Security Agency (NSA), Army, Navy, Marine, Air Force and policy makers (read that politicians). The stated purpose is to protect the vital interests of the United States in relation to the Internet. The entity is not just defensive in nature but can also engage in preemptive strikes intended to disrupt threats. Because this was an internal reorganization within the Department of Defense, the creation of CYBERCOM did not require congressional approval.
Even though the primary purpose of CYBERCOM is to protect government and military networks, there is incredible pressure to extend that protection to civilian and business networks as well. In fact, the second highest official at the Pentagon, William Lynn III - Deputy Secretary of Defense, recently announced that the Department of Defense might start a protective program for civilian networks. Defense Secretary Robert Gates stated the same thing in June 2009.
Policies are being finalized that will allow the Department of Homeland Security (DHS) to request help from CYBERCOM to protect government and civilians networks. Unfortunately there isnt any clarity on what the criteria would be to initiate a request for help. An official at CYBERCOM stated: From our perspective the threshold is really easy: its when we get a request from DHS, the official noted. Whats their threshold? I couldnt tell you what their threshold is.
On the surface this may sound benign, but it is actually quite insidious. The NSA is completing work on threat monitoring systems called EINSTEIN 2 and EINSTEIN 3. According to declassified documents, the stated purposes of these two systems are as follows:
DHS (Department of Homeland Security) is deploying, as part of its EINSTEIN 2 activities, signature-based sensors capable of inspecting Internet traffic entering Federal systems for unauthorized accesses and malicious content. The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. Government networks for malicious activity using signature-based intrusion detection technology . EINSTEIN 2 is capable of alerting US-CERT in real time to the presence of malicious or potentially harmful activity in federal network traffic and provides correlation and visualization of the derived data .
The EINSTEIN 3 system will also support enhanced information sharing by US-CERT with Federal Departments and Agencies by giving DHS the ability to automate alerting of detected network intrusion attempts and, when deemed necessary by DHS, to send alerts that do not contain the content of communications to the National Security Agency (NSA) so that DHS efforts may be supported by NSA exercising its lawfully authorized missions.
Deputy Secretary of Defense William Lynn stated that private companies who operate critical infrastructure (electrical grid, telecommunication networks, Internet service providers, the banking and financial industry, etc) should install EINSTEIN monitoring agents or else they will face the wild, wild west of the Internet. He went on to state that failing to protect these critical infrastrutures could lead to physical damage and economic disruption on a massive scale.
In other words:
Words matter and the usage of them need to be analyzed in order to determine what someone is saying (or not saying) to fully assess a situation:
Lynn stated: I think its gonna have to be voluntary, he added. People could opt into protection or choose to stay out. Individual users may well choose to stay out. But in terms of protecting the nations security, its not the individual users [that matter most]. I mean, they have to worry about their individual [data], their credit rating, and all that. But its the vulnerability of certain critical infrastructure power, transportation, finance. This starts to give you an angle at doing that.
Essentially, Lynn is stating that individual citizens can opt out of EINSTEIN but critical entities will not have a choice.
In summary, we have a new government entity created without congressional approval whose purpose is to monitor (read that spy on) all Internet traffic in the United States, and to take unspecified preemptive strikes when something happens that the agency deems is not acceptable
Obviously privacy organizations are deeply troubled by CYBERCOMs ability to monitor the content of all internet communication. No information has been presented to date on the privacy implications of EINSTEIN 3 and limited information has been provided on an early 2008 versions of EINSTEIN 2.
Fortunately, we have many recent examples worldwide that we can examine to see how governments use these protective powers to defend their citizens in cyberspace:
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety Benjamin Franklin
I think they are Quix, I really do. You are in the midst of a complete takeover and unless and until the America peope RISE UP they will continue to do what they are doing. I’m very disappointed at the reaction to Obama. CO
That's brilliant Quix.
AlarmAndMuster.com, same idea.
I'd be all in favor of trying to start something like that here.